Announcement

Collapse
No announcement yet.

Sites hacked

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Sites hacked

    Interesting thing has occured.
    A customer rang to say when she found us in Google and clicked through to one of our sites, she ended up on a porn site.
    Strange thing, we'd been using them happily as usual with no probs.

    It turns out that the .htaccess files had been altered to redirect any incoming requests from any of the major search engines.

    So replacing the .htaccess files sorted out that problem.

    Interestingly, only the sites we updated last week were hacked, the others weren't touched.

    So the question is - how was it done?

    I thought perhaps we had a keylogger on our system, but ESET scans all drives and pc's on the network as clean.

    Does anyone have any tips and or advice?
    Is there a utility that does a better job at finding keyloggers than ESET?

    Moral of the story (for us anyway) check your sites via search engine links as well as via direct URL.

    It may explain why business was so quiet over the weekend!
    Alarming to think how many potential customers will have looked and run away in disgust; without reporting to us. Top marks to the lady who did.
    Kind Regards
    Sean Williams

    Calamander Ltd
    Tags: None
    #2
    Try Malwarebytes, one of the best anti-malware pieces of software around, and it's free.

    I suppose the only real way to find out when it was done is to contact your host and ask for the FTP logs.

    Glad it's sorted now though!

    Comment

      #3
      As I posted recently, there was a case in the last three weeks where one of the very big hosting companies had, as far as we could see, hundreds of sites hacked, a few of which were Actinic ones. The most obvious explanation was the acquisition by the hacker of FTP logons and passwords, possibly via a key logger.

      We have done some searching and there are a lot of references across the Internet to this problem. For our own internal admin, we've strengthened our passwords (longer and not using any known words or simple variants of known words), installed keyboard scrambler software, started a policy of only cutting and pasting passwords and started scanning for vulnerabilities with more than piece of software, to increase coverage. We also use Malwarebytes to scan the machines.

      These are probably not bad practises for anyone.

      Chris

      Comment

        #4
        Thanks Chris - some useful advice.

        As a result of the experience we've done pretty well the same as you, except for a keyboard scrambler.
        Which one did you plump for?

        Thanks for the advice on Malwarebytes Grant - we considerd that long and hard, but decided on Spy Sweeper as it fares slightly better in it's detection rate, if various reviews are to be believed.

        We've now employed Spy Sweeper to scan everything in the office that spins (including the cat) and it turned up no malware at all, apart from the usual cookies from doubleclick et al. This is a relief as we were worried it might have been a keylogger. The thought of some crim watching everything typed on our computers makes me feel nauseous.
        And flaming furious too of course
        Kind Regards
        Sean Williams

        Calamander Ltd

        Comment

          #5
          interesting

          i had a few sites last month actinic and none actinic locked down by my provider for me and emailed to tell me

          just looked at

          \KeyScrambler Personal 2.1.0.1
          https://addons.mozilla.org/en-US/firefox/addon/3383
          after chris mentioned it

          might give it a spin
          Remembering the road to Actinic enlightenment is a long and sometimes painful one.
          Current project:
          cheapadulttoys4u.co.uk
          cheaplingerie4u.co.uk
          Something for the Missus,Something for the Weekend

          Comment

            #6
            Yes, we're using Keyscrambler too.

            Chris

            Comment

              #7
              Originally posted by Sean Williams View Post
              Thanks for the advice on Malwarebytes Grant - we considerd that long and hard, but decided on Spy Sweeper as it fares slightly better in it's detection rate, if various reviews are to be believed.
              Very true - I opted for Kaspersky Internet Security Suite on all machines and run Malwarebytes every week through a Scheduled Task. Never had a problem - have to say I love Kaspersky IS for the capability of blocking ads - so very few sites actually show Adsense/spam ads.

              Seems server security needs looking at now.

              Comment

                #8
                Originally posted by grantglendinnin View Post
                Seems server security needs looking at now.
                I quizzed UKFast on this - our site logs showed repeated attempts to log in, so the assumption is the crims were using software hammers to break in.

                Best of luck to them now though as we're using unintelligible, unrememberabable passwrods
                Kind Regards
                Sean Williams

                Calamander Ltd

                Comment

                Previous template Next
                Working...
                X